Switch IndexedDB transactions to be non-durable by default

RESOLVED FIXED in Firefox 40

Status

()

Core
DOM: IndexedDB
RESOLVED FIXED
3 years ago
6 months ago

People

(Reporter: Ben Turner (not reading bugmail, use the needinfo flag!), Assigned: Ben Turner (not reading bugmail, use the needinfo flag!))

Tracking

({dev-doc-complete})

Trunk
mozilla40
x86
Windows 8.1
dev-doc-complete
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox40 fixed, relnote-firefox 40+)

Details

Attachments

(1 attachment)

The proposal is to change our IndexedDB write transactions to more closely align with Chrome/IE which favor performance over durability. We will have an opt-in mechanism to have per-transaction durability for consumers that care.

Comment 1

3 years ago
+1
Can you clarify the risk profile here?  Specifically, a crash shortly-after a non-durable transaction commits may result in:
A) Database corruption.  The whole database may need to be blown away because the pages of the database may not be in a coherent state. (non-WAL PRAGMA SYNCHRONOUS=0/OFF, low probability on non-WAL PRAGMA SYNCHRONOUS=1/NORMAL)
B) Loss of the most recent transaction but the database should probably be coherent. (non-WAL PRAGMA SYNCHRONOUS=1/NORMAL)
C) Loss of multiple recent transactions but the database will still be coherent at that earlier point.  (WAL with SYNCHRONOUS=1/NORMAL and where a checkpoint is not triggered)

Since IndexedDB currently uses PRAGMA synchronous=2/FULL, I'm assuming this is a proposal to drop to NORMAL or OFF?  Or is the idea to switch to using WAL with PRAGMA synchronous=1/NORMAL and the opt-in mechanism would just make sure to trigger a checkpoint as part of the transaction?

The WAL option sorta sounds preferable since the non-WAL options seem more likely to result in database corruption, requiring apps to make every transaction be durable.  Or to shard things so that there is one IndexedDB database that is where the really important stuff is (config, drafts for email), and another happy-go-lucky DB for stuff that isn't authoritative (synced email).
IDB currently runs with non-WAL and SYNCHRONOUS=NORMAL (unless you set an obscure pref that might flip it to FULL).

The change will be to make normal write transactions run with WAL and SYNCHRONOUS=NORMAL. If WAL mode isn't available for some reason then we'll still use SYNCHRONOUS=NORMAL.

The specially-opted-into durable write transactions will essentially run with WAL and SYNCHRONOUS=FULL (it won't actually because we're changing the way we use connections, but that'll be the end result).
Awesome.  Thanks for the clarification!
We're absolutely not going to introduce opportunities for database corruption.
(In reply to ben turner [:bent] (use the needinfo? flag!) from comment #3)
> (it won't actually because we're changing the way we use connections,
> but that'll be the end result).

Through manual checkpointing.
Depends on: 1131766
Created attachment 8562320 [details] [diff] [review]
Patch, v1

This gives us an optional mode to say "no, really, I want it on disk".
Attachment #8562320 - Flags: review?(Jan.Varga)
Depends on: 866846
Comment on attachment 8562320 [details] [diff] [review]
Patch, v1

Review of attachment 8562320 [details] [diff] [review]:
-----------------------------------------------------------------

We should test that if experimental features are not enabled then readwriteflush throws.

r=me w/that
Attachment #8562320 - Flags: review?(Jan.Varga) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/0b4de21b759f
Backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/beb016173f6f - see bug 866846 comment 21
https://hg.mozilla.org/integration/mozilla-inbound/rev/3be650e84eea
Backed out for frequent bc1 oranges
https://treeherder.mozilla.org/logviewer.html#?job_id=8256324&repo=mozilla-inbound

https://hg.mozilla.org/integration/mozilla-inbound/rev/0b12fc331918
Flags: needinfo?(bent.mozilla)
https://hg.mozilla.org/integration/mozilla-inbound/rev/b0c5f21c7811
https://hg.mozilla.org/mozilla-central/rev/b0c5f21c7811
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox40: --- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
Release Note Request (optional, but appreciated)
[Why is this notable]: This will have an impact on devs.
[Suggested wording]: IndexedDB transactions now non-durable by default
[Links (documentation, blog post, etc)]:
relnote-firefox: --- → ?
Flags: needinfo?(bent.mozilla)
Keywords: dev-doc-needed
Is there any examples that will be affected by this change? I see the new readwriteflush mode in the patch but readwrite is still the default mode, right?
relnote-firefox: ? → 40+

Updated

2 years ago
Flags: needinfo?(bent.mozilla)
(In reply to Kohei Yoshino [:kohei] from comment #16)
> Is there any examples that will be affected by this change? I see the new
> readwriteflush mode in the patch but readwrite is still the default mode,
> right?

Well, the default mode for transactions is actually 'readonly'. But the new 'readwriteflush' mode is not available unless you have enabled the indexedDB experimental feature preference. Without that preference set you are only able to use 'readonly' and 'readwrite'.
Flags: needinfo?(bent.mozilla)
Oh I meant 'readonly', of course I know that because my app uses IndexedDB.

> optional IDBTransactionMode mode = "readonly"

So I guess there would be no backward compatibility issues here.
(In reply to Kohei Yoshino [:kohei] from comment #18)
> So I guess there would be no backward compatibility issues here.

Right.
Thanks! Removing the relnote-firefox flag given the dom.indexedDB.experimental pref is defaulted to false at this moment.
relnote-firefox: 40+ → ---
(In reply to Kohei Yoshino [:kohei] from comment #20)
> Thanks! Removing the relnote-firefox flag given the
> dom.indexedDB.experimental pref is defaulted to false at this moment.

Well, this change is still worthy of a relnote in my opinion (and see comment 15). The change won't affect the code that people write but it will affect the timing of the 'complete' event and the behavior in the event of a system crash.
Flags: needinfo?(kohei.yoshino)
Ah, then put the relnote flag back... I don't add the site-compat flag though.
relnote-firefox: --- → ?
Flags: needinfo?(kohei.yoshino)
relnote-firefox: ? → 40+
I've written up a definition of durability and what the current state in browsers is:

https://developer.mozilla.org/en-US/Firefox/Releases/40#IndexedDB

I've also mentioned this on relevant pages:

https://developer.mozilla.org/en-US/docs/Web/API/IDBDatabase/transaction
https://developer.mozilla.org/en-US/docs/Web/API/IDBTransaction/oncomplete

And added a link to the definition in the release notes:

https://developer.mozilla.org/en-US/Firefox/Releases/40#IndexedDB

bent helped me write this, but another tech review would be cool, just as a sanity check.
Keywords: dev-doc-needed → dev-doc-complete
Thanks Chris! One thing to note though is that the "readwriteflush" mode is only available if the "dom.indexedDB.experimental" pref is set to true.
Flags: needinfo?(cmills)
Added this info; thx Ben.

And the correct link for the 'durable' definition is:

https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API/Basic_Concepts_Behind_IndexedDB#durable
Flags: needinfo?(cmills)
You need to log in before you can comment on or make changes to this bug.